issue with remote access of AXIS cameras (utilizing Axis Companion)

ratherman

I have two sites (TZ670's - latest firmware) where my Axis cameras are not able to communicate (using Axis Companion app) to Axis servers (for remote access). I have one site where they are working (identical firewall) but I can't determine any differences - so there may be something else going on. I have enabled Multicast on the LAN interface on one of the problem sites and in the Packet trace I am getting these dropped packets:

10.10.10.159 is one of the AXIS cameras and 3.211.113.147 seems to be an Amazon Data server.

Ethernet Header

 Ether Type: IP(0x800), Src=[ac:cc:8e:31:bd:b9], Dst=[2c:b8:ed:77:ed:34]

IP Packet Header

 IP Type: TCP(0x6), Src=[10.100.10.159], Dst=[3.211.113.147]

TCP Packet Header

 TCP Flags = [ACK,PSH,], Src=[34560], Dst=[443], Checksum=0xe6d

Application Header

 HTTPS

Value:[0]

DROPPED, Drop Code: 132(IDP detection DROP_IP_IDP_RESET_CONNECTION), Module Id: 25(network), (Ref.Id: _9150_txGsIboemfJqQlu) 1:3)

Ethernet Header

 Ether Type: IP(0x800), Src=[ac:cc:8e:31:bd:b9], Dst=[01:00:5e:00:00:fb]

IP Packet Header

 IP Type: UDP(0x11), Src=[10.100.10.159], Dst=[224.0.0.251]

UDP Packet Header

 Src=[5353], Dst=[5353], Checksum=0xcbc5, Message Length=188 bytes

Application Header

 Not Known: 

Value:[0]

DROPPED, Drop Code: 166(Multicast forwarding not configured), Module Id: 25(network), (Ref.Id: _11613_iboemfNvmujdbtuQbdlfu) 3:3)

Looking for next troubleshooting steps.

Thak you,

John R

Mr_Klaatu

@ratherman

The below KB Article will help you to understand that its Intrusion Detection/Prevention Service that could be blocking the Camera/App Traffic with the message Drop Code: 132(IDP detection DROP_IP_IDP_RESET_CONNECTION), Module Id: 25(network). You might want to check the EventLogs to see if there is an event entry that will give the IPS Signature that dropped the traffic and thus try to disable or bypass it for the camera.

https://www.sonicwall.com/support/knowledge-base/how-can-i-resolve-drop-code-idp-detection/170505629953759/

You could then use the below KB to disable/bypass the IPS signature for the camera

https://www.sonicwall.com/support/knowledge-base/how-to-exclude-a-specific-ips-signature-id/170505412556870/

You can ignore this message Drop Code: 166(Multicast forwarding not configured), Module Id: 25(network) if the cameras doesn't need to form a multicast group with other cameras. You might want to check camera vendors documentation on how to set it up behind a Firewall.

If the above doesn't answer your question, please feel free to contact our Technical Support at https://www.sonicwall.com/support/contact-support/ to speak to a Technical Support Engineer who can assist you over the Phone to address your issue.